Re: STARTTLS & EHLO: Errata text?
ned+ietf-smtp@mrochek.com Fri, 30 January 2009 19:28 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0UJSuN7001115 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 30 Jan 2009 12:28:56 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n0UJSuem001114; Fri, 30 Jan 2009 12:28:56 -0700 (MST) (envelope-from owner-ietf-smtp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-smtp@mail.imc.org using -f
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n0UJSt7N001108 for <ietf-smtp@imc.org>; Fri, 30 Jan 2009 12:28:55 -0700 (MST) (envelope-from ned+ietf-smtp@mrochek.com)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01N4WLKR6BG000YBWJ@mauve.mrochek.com> for ietf-smtp@imc.org; Fri, 30 Jan 2009 11:28:54 -0800 (PST)
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01N4WIIQ1C9S00007A@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for ietf-smtp@imc.org; Fri, 30 Jan 2009 11:28:50 -0800 (PST)
Date: Fri, 30 Jan 2009 11:27:24 -0800
From: ned+ietf-smtp@mrochek.com
Subject: Re: STARTTLS & EHLO: Errata text?
In-reply-to: "Your message dated Fri, 30 Jan 2009 19:05:07 +0000" <alpine.LSU.2.00.0901301832470.4795@hermes-2.csi.cam.ac.uk>
To: Tony Finch <dot@dotat.at>
Cc: Tony Hansen <tony@att.com>, ietf-smtp@imc.org
Message-id: <01N4WLKPR49O00007A@mauve.mrochek.com>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7bit
References: <497DE492.4080506@pscs.co.uk> <497DED29.70402@att.com> <497ED420.30708@pscs.co.uk> <alpine.LSU.2.00.0901271403220.4546@hermes-2.csi.cam.ac.uk> <497F86CB.60904@att.com> <alpine.LSU.2.00.0901281434440.4546@hermes-2.csi.cam.ac.uk> <498088B8.9040404@pscs.co.uk> <alpine.LSU.2.00.0901291310080.4546@hermes-2.csi.cam.ac.uk> <4981C0D5.1010401@pscs.co.uk> <4981C6BD.2040900@att.com> <37F39FF37390694B69567838@PST.JCK.COM> <4981E1AB.9000002@att.com> <alpine.LSU.2.00.0901301832470.4795@hermes-2.csi.cam.ac.uk>
Sender: owner-ietf-smtp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-smtp/mail-archive/>
List-ID: <ietf-smtp.imc.org>
List-Unsubscribe: <mailto:ietf-smtp-request@imc.org?body=unsubscribe>
> On Thu, 29 Jan 2009, Tony Hansen wrote: > > > > Section: > > 4.2 Result of the STARTTLS Command > > > > Old text: > > The server MUST discard any knowledge obtained from the client, such > > as the argument to the EHLO command, which was not obtained from the > > TLS negotiation itself. > > > > New text: > > The server MUST discard any knowledge obtained from the client that > > was not obtained from the TLS negotiation itself. The server state > > is otherwise as if the connection had just been opened. > I prefer Alexey's suggested "MUST NOT trust" text. > Note that my comment about AUTH information applies to the client as well > as the server. > Also note that AUTH means this trust issue applies to more than just SMTP > commands, arguments, and replies - it applies to SASL exchanges as well. > > Section: > > 4.2 Result of the STARTTLS Command > > > > Old text: > > The client SHOULD send an EHLO command as the > > first command after a successful TLS negotiation. > > > > New text: > > The client MUST send either an EHLO command or a HELO command as the > > first command after a successful TLS negotiation. > That's incorrect. It's OK to QUIT at this point, for example. Rather than > paraphrasing 2821/5321, perhaps it would be better to quote verbatim. > I suggest that this paragraph should read: > Upon completion of the TLS handshake, the SMTP protocol is reset to > the initial state (the state in SMTP after a server issues a 220 > service ready greeting). The requirement in [RFC5321] that "a client > MUST issue HELO or EHLO before starting a mail transaction" also > applies to this fresh state. > The server MUST NOT trust any knowledge obtained from the client before > the TLS negotiation itself. The client MUST NOT trust any knowledge > obtained from the server before the TLS negotiation itself. This > includes all commands, arguments, replies, and extended exchanges > (though in typical use there is little more than the client's EHLO > command and the server's reply). This definitely works for me. > > Because the server state machine is reset to an initial connection > > state after negotiating TLS, and any modifications to the server > > state will be lost, the client SHOULD NOT issue any MAIL > > FROM or RCPT TO commands prior to using the STARTTLS command. > I think this is unnecessary. I doubt anyone has been confused enough to > implement software that would violate this requirement. I only mentioned > it for sake of argument. Agreed. Ned
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? Russ Allbery
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Paul Smith
- Re: STARTTLS & EHLO: Errata text? Paul Smith
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO: Errata text? Russ Allbery
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? ned+ietf-smtp
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? Bill McQuillan
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Alexey Melnikov
- Re: STARTTLS & EHLO: Errata text? Tony Hansen
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Hector Santos
- Re: STARTTLS & EHLO SM
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Peter Bowyer
- Re: STARTTLS & EHLO Hector Santos
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO Alessandro Vesely
- Re: STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO Alexey Melnikov
- Re: STARTTLS & EHLO Tony Finch
- Re: STARTTLS & EHLO John C Klensin
- Re: STARTTLS & EHLO Tony Hansen
- STARTTLS & EHLO Paul Smith
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? SM
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- RFC 1123bis? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Hector Santos
- Re: STARTTLS & EHLO: Errata text? John C Klensin
- Re: STARTTLS & EHLO: Errata text? Tony Finch
- Re: STARTTLS & EHLO: Errata text? SM